sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-24 15:03:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

New tamper script (per user request)

Browse Source
This commit is contained in:
Miroslav Stampar 2018-05-30 15:48:16 +02:00
parent eb498e6c03
commit 694b5bb5c0
3 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.5.23" VERSION = "1.2.5.24"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

42
tamper/0x2char.py Normal file
View File

@ -0,0 +1,42 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.data import kb
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload, **kwargs):
"""
Replaces each (MySQL) 0x<hex> encoded string with equivalent CONCAT(CHAR(),...) counterpart
Tested against:
* MySQL 4, 5.0 and 5.5
Notes:
* Useful in cases when web application does the upper casing
>>> tamper('SELECT 0xdeadbeef')
'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))'
"""
retVal = payload
if payload:
for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal):
if len(match.group(1)) > 2:
result = "CONCAT(%s)" % ','.join("CHAR(%d)" % ord(_) for _ in match.group(1).decode("hex"))
else:
result = "CHAR(%d)" % ord(match.group(1).decode("hex"))
retVal = retVal.replace(match.group(0), result)
return retVal

3
txt/checksum.md5
View File

@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
dbf72e4b82773ade88cc34a53f80abcb lib/core/settings.py dcdc0a7179010067fdbf8ad1fa9ab09e lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py 6306284edcccc185b2df085438572b0d lib/core/target.py
@ -226,6 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_
4eaeef94314956e4517e5310a28d579a sqlmapapi.py 4eaeef94314956e4517e5310a28d579a sqlmapapi.py
5c8583dd47f92935ceb41210a10eeebf sqlmap.py 5c8583dd47f92935ceb41210a10eeebf sqlmap.py
b2c2cc55ba4e31bea94494dcafe5d8cc tamper/0x2char.py
4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py